From 31695c75575f3998ac0c5d466d0b85276289a730 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 21 Feb 2019 15:38:47 +0100
Subject: [PATCH] extensions: AUDIT: Document ineffective --type option
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit dffb5ec2a8c7f91351e2a1029a757cb1f41f2d02)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
extensions/libxt_AUDIT.man | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/extensions/libxt_AUDIT.man b/extensions/libxt_AUDIT.man
index cd796967c431a..4f5562e8ca425 100644
--- a/extensions/libxt_AUDIT.man
+++ b/extensions/libxt_AUDIT.man
@@ -3,12 +3,14 @@ It can be used to record accepted, dropped, and rejected packets. See
auditd(8) for additional details.
.TP
\fB\-\-type\fP {\fBaccept\fP|\fBdrop\fP|\fBreject\fP}
-Set type of audit record.
+Set type of audit record. Starting with linux-4.12, this option has no effect
+on generated audit messages anymore. It is still accepted by iptables for
+compatibility reasons, but ignored.
.PP
Example:
.IP
iptables \-N AUDIT_DROP
.IP
-iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop
+iptables \-A AUDIT_DROP \-j AUDIT
.IP
iptables \-A AUDIT_DROP \-j DROP
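Review bot: The example now omits \-\-type, but the new description only says the option is ignored starting with linux-4.12, so on older kernels a reader copying the example no longer gets a record typed as drop. Since the text states the option is still accepted for compatibility, consider keeping "iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop" in the example, or state explicitly in the \-\-type paragraph whether the option may be omitted. Please also confirm that the rule parses without \-\-type before publishing it as the documented example. Minor wording: "Starting with linux-4.12 ... anymore" is redundant; "Starting with Linux kernel 4.12, this option has no effect on generated audit messages" reads cleaner and makes clear the version refers to the kernel rather than to iptables.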
--
2.21.0